Section 6.5 of [ISO/IEC 9899:1999] (C99) defines the precedence of operators by the order of its subclauses.
Noncompliant Code Example
The intent of the expression in this noncompliant code example is to test the least significant bit of x.

x & 1 == 0

Because the == operator binds more tightly than &, the expression is parsed as x & (1 == 0), which evaluates to (x & 0) and then to 0, regardless of the value of x.
Compliant Solution
In this compliant solution, parentheses are used to ensure the expression evaluates as expected.

(x & 1) == 0
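The following added example (not part of the CERT page) puts the noncompliant and compliant forms side by side in C and shows how the compiler's grouping makes the noncompliant test return 0 for every input, so even values are never recognized as having a clear low bit. The function names and the sample range are this example's own.

```c
#include <stdio.h>

/* Noncompliant form, kept literally to show the defect. Because == binds
 * more tightly than &, this is parsed as x & (1 == 0), i.e. x & 0, which
 * is 0 for every x. Most compilers flag it under -Wparentheses; the pragma
 * keeps this deliberately wrong form compiling under -Werror. */
#if defined(__GNUC__)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"
#endif
int lsb_is_clear_noncompliant(unsigned int x)
{
    return x & 1 == 0;
}
#if defined(__GNUC__)
#pragma GCC diagnostic pop
#endif

/* The grouping the compiler actually applied, written out explicitly. */
int lsb_is_clear_as_parsed(unsigned int x)
{
    return x & (1 == 0);
}

/* Compliant form: parentheses make the intended grouping explicit. */
int lsb_is_clear_compliant(unsigned int x)
{
    return (x & 1) == 0;
}

/* Counts inputs in [lo, hi) for which the noncompliant and compliant forms
 * disagree. Every even x is such an input: the compliant test returns 1,
 * the noncompliant one returns 0. */
unsigned int count_mismatches(unsigned int lo, unsigned int hi)
{
    unsigned int n = 0;
    for (unsigned int x = lo; x < hi; x++) {
        if (lsb_is_clear_noncompliant(x) != lsb_is_clear_compliant(x))
            n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample inputs: the first few small integers. */
    for (unsigned int x = 0; x < 4; x++) {
        printf("x=%u  noncompliant=%d  as_parsed=%d  compliant=%d\n",
               x, lsb_is_clear_noncompliant(x), lsb_is_clear_as_parsed(x),
               lsb_is_clear_compliant(x));
    }
    printf("mismatches in [0,16): %u\n", count_mismatches(0, 16));
    return 0;
}
```

The noncompliant and as-parsed functions always agree with each other, which is the point: the parentheses in the compliant form do not change what the compiler is capable of, they change which grouping is selected. Compiling with warnings enabled (-Wall, or -Wparentheses specifically) is the cheapest check for this class of mistake.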
Exceptions
EXP00-EX1: Mathematical expressions that follow algebraic order do not require parentheses. For instance, in the expression

x + (y * z)

the parentheses around y * z only restate the algebraic order (multiplication before addition) and are not required.
Risk Assessment
Mistakes regarding precedence rules may cause an expression to be evaluated in an unintended way. This can lead to unexpected and abnormal program behavior.

Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
EXP00-A | low | probable | medium | P4 | L3
Automated Detection
The LDRA tool suite V 7.6.0 can detect violations of this recommendation.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[Dowd 06] Chapter 6, "C Language Issues" (Precedence, pp. 287-288)
[ISO/IEC 9899:1999] Section 6.5, "Expressions"
[ISO/IEC PDTR 24772] "JCW Operator precedence/Order of Evaluation"
[Kernighan 88]
[MISRA 04] Rule 12.1
[NASA-GB-1740.13] Section 6.4.3, "C Language"